AI & Automation

Should Australian Tech Teams Trust AI Code Rewrites Like Bun's Claude Project in 2026?

6 min read RP SoftTech
Two software developers reviewing code together on a large monitor in an office

When Zig creator Andrew Kelley publicly called Bun's Claude-driven Rust rewrite 'unreviewed slop', it wasn't just a developer spat — it was a warning shot for every founder in Sydney, Melbourne, and Brisbane racing to ship code faster with AI. The short answer: AI can write the code, but Australian businesses that skip human review are trading short-term velocity for long-term liability.

What is the Concept

Bun, the popular JavaScript runtime built by Oven, used Claude to help rewrite large portions of its codebase into Rust — a mass, AI-assisted migration touching thousands of lines. Andrew Kelley, who built the Zig programming language and has a reputation for uncompromising code quality standards, publicly criticised the effort, arguing that the output looked machine-generated and had not been properly vetted by human engineers before merging. His term 'unreviewed slop' has since become shorthand in developer circles for a specific failure mode: using large language models to generate or restructure production code at scale, then shipping it without the rigorous line-by-line review that a rewrite of that size would normally demand.

This isn't an argument against AI-assisted coding itself. It's an argument about process. The concept at stake is 'review-to-ship ratio' — how much genuine human scrutiny happens per unit of AI-generated code before it reaches production. When that ratio collapses toward zero, defects, security gaps, and architectural drift accumulate silently until something breaks in front of a customer.

Why It Matters in Australia (2025–2026 Context)

Australian software teams are under real cost pressure. With senior developer salaries in Sydney and Melbourne regularly exceeding AUD 150,000, many founders and CTOs have leaned hard into AI coding assistants like Claude, GitHub Copilot, and Cursor to reduce headcount needs. That's a rational instinct — but the Bun controversy shows what happens when speed replaces scrutiny. For an Australian fintech, healthtech, or e-commerce platform bound by obligations under the Privacy Act 1988 and, where relevant, APRA's CPS 234 standard for information security, an unreviewed AI rewrite isn't just embarrassing — it's a compliance and liability exposure.

The Australian Cyber Security Centre's Essential Eight framework already pushes organisations toward disciplined patching and application control. AI-generated code that bypasses proper review effectively undermines that discipline from the inside. In a market where companies like Atlassian, Canva, and SafetyCulture have built global reputations on engineering rigour, cutting corners on review to save a few sprints is a false economy that Australian boards and investors are increasingly asking pointed questions about during due diligence.

How AI Is Changing This

AI coding tools have moved from autocomplete to autonomous multi-file rewrites in under two years. Claude, in particular, can now restructure entire modules, translate codebases between languages, and generate accompanying tests — which is exactly the capability Bun leaned on. The upside for Australian teams is enormous: a five-person Melbourne startup can now attempt refactoring work that previously required a ten-person team and months of budget. The downside, as Kelley's critique highlights, is that AI models optimise for plausible-looking output, not necessarily correct or idiomatic output, especially in systems-level languages like Rust where memory safety and performance trade-offs are subtle.

The emerging best practice among AI-forward Australian engineering teams is a tiered review model: low-risk, isolated code (internal tooling, test scaffolding) can ship with lighter review, while anything touching core infrastructure, payments, or customer data requires full human sign-off regardless of how the code was generated. This mirrors what several Sydney-based SaaS companies have quietly adopted after seeing the Bun backlash play out on developer forums and X.

Real-World Examples

Bun's experience is the clearest cautionary tale: a widely used open-source runtime, trusted by thousands of production applications globally including Australian startups building on Node-compatible stacks, faced public credibility questions after a respected language creator flagged the rewrite's quality. Locally, Australian engineering leaders at companies like Culture Amp have spoken publicly about requiring 'two-person review' on any AI-generated pull request touching production systems — a policy that predates the Bun incident but is now being cited as validation.

Contrast this with smaller Melbourne and Brisbane agencies that adopted a 'ship first, review later' approach to AI-assisted development in 2025. Several reported having to roll back client-facing features within weeks due to subtle logic errors that automated tests hadn't caught — errors a human reviewer familiar with the business context would likely have flagged immediately.

Practical Insights / Actions

Australian founders and CTOs should treat the Bun controversy as a prompt to formalise, not abandon, AI-assisted development. Start by defining a review-to-ship ratio for your team: what percentage of AI-generated code gets a genuine second set of human eyes before merge, and does that percentage scale down as the blast radius of the change increases? Second, separate 'AI-assisted' from 'AI-authored' in your pull request tagging — this alone forces reviewers to apply appropriately higher scrutiny to fully AI-generated rewrites.

Third, invest the money you save from AI-accelerated development back into senior review capacity rather than headcount reduction. A single senior engineer in Sydney costing roughly AUD 160,000 a year who reviews AI output properly is cheaper insurance than the cost of a production incident, a client churn event, or a compliance breach. RP SoftTech works with Australian businesses to build exactly this kind of AI-augmented, human-governed development workflow — pairing AI coding velocity with the review discipline that protects revenue and reputation.

Future Outlook

Expect 2026 to be the year Australian engineering teams formalise 'AI code governance' the same way they formalised DevOps a decade ago. Tooling that scores AI-generated pull requests on an 'AI Code Debt Index' — measuring test coverage, complexity delta, and reviewer sign-off depth — is likely to emerge as a standard part of the CI/CD pipeline for serious Australian software companies. Teams that treat AI as a junior engineer requiring supervision, rather than an autonomous replacement, will out-execute those that don't.

Conclusion

The Bun and Zig dispute isn't really about one runtime or one rewrite — it's a preview of the governance gap every Australian business using AI coding tools needs to close in 2026. The businesses that win won't be the ones that avoid AI, or the ones that use it recklessly; they'll be the ones that pair AI speed with disciplined human review, protecting both their codebase and their customers' trust.

Frequently Asked Questions

What did the Zig creator say about Bun's Claude Rust rewrite?

Andrew Kelley, creator of the Zig programming language, publicly described Bun's AI-assisted Rust rewrite as 'unreviewed slop', criticising the apparent lack of thorough human review before the AI-generated code changes were merged into production.

Is it safe for Australian businesses to use AI like Claude for major code rewrites?

AI tools like Claude can safely handle major code rewrites when paired with strict human review processes. Australian businesses should apply tiered review — light checks for low-risk code, full senior review for anything touching production, payments, or customer data.

How can Australian startups avoid the 'unreviewed slop' problem with AI-generated code?

Startups should define a clear review-to-ship ratio, tag pull requests as AI-assisted or AI-authored, require senior sign-off on high-risk changes, and invest savings from AI-accelerated development into review capacity rather than cutting engineering headcount entirely.

Does using unreviewed AI-generated code create compliance risk in Australia?

Yes. For Australian businesses handling personal or financial data, unreviewed AI-generated code can create exposure under the Privacy Act 1988 and, for regulated entities, APRA's CPS 234 standard, since inadequate review undermines expected information security controls.